在jwt令牌新增时间戳，使得jwt更加安全，优化前端

PandoraNext-TokensTool/src/views/homeIndex.vue

@@ -86,7 +86,7 @@
             >
               TokensTool
             </span>
-            <el-tag>v0.4.7.1</el-tag>
+            <el-tag>v0.4.7.2</el-tag>
           </div>
         </template>
       </el-page-header>

PandoraNext-TokensTool/src/views/homeIphone.vue

@@ -246,7 +246,7 @@
             <br />
             欢迎大家来扩展
             <a href="https://github.com/Yanyutin753/PandoraNext-TokensTool"
-              >PandoraNext-TokensTool v0.4.7.1
+              >PandoraNext-TokensTool v0.4.7.2
             </a>
           </h2>
         </div>

PandoraNext-TokensTool/src/views/loginIndex.vue

@@ -74,7 +74,7 @@
             <a href="https://ai.fakeopen.com/auth">Pandora地址</a>
             欢迎大家来扩展
             <a href="https://github.com/Yanyutin753/PandoraNext-TokensTool"
-              >PandoraNext-TokensTool v0.4.7.1
+              >PandoraNext-TokensTool v0.4.7.2
             </a>
           </h3>
         </div>
@@ -89,7 +89,7 @@
             <br />
             欢迎大家来扩展
             <a href="https://github.com/Yanyutin753/PandoraNext-TokensTool"
-              >PandoraNext-TokensTool v0.4.7.1
+              >PandoraNext-TokensTool v0.4.7.2
             </a>
           </h3>
         </div>

rearServer/src/main/java/com/yyandywt99/pandoraNext/interceptor/LoginCheckInterceptor.java

@@ -29,8 +29,6 @@ public boolean preHandle(HttpServletRequest req, HttpServletResponse resp, Objec
         String password = systemSetting.getLoginPassword();
         String username = systemSetting.getLoginUsername();
 
-        JwtUtils.setSignKey(password);
-
         //1.获取请求url。
         String url = req.getRequestURL().toString();
         log.info("请求的url: {}",url);

rearServer/src/main/java/com/yyandywt99/pandoraNext/service/impl/systemServiceImpl.java

@@ -4,6 +4,7 @@
 import com.yyandywt99.pandoraNext.pojo.tls;
 import com.yyandywt99.pandoraNext.pojo.validation;
 import com.yyandywt99.pandoraNext.service.systemService;
+import com.yyandywt99.pandoraNext.util.JwtUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.json.JSONArray;
 import org.json.JSONException;
@@ -16,6 +17,7 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -88,10 +90,20 @@ public String requiredSetting(systemSetting tem){
             else {
                 jsonObject.put("whitelist", JSONObject.NULL);
             }
-            updateJsonValue(jsonObject,"license_id",tem.getLicense_id());
+
+            //4.7.2
+            if(! tem.getLoginPassword().equals(jsonObject.optString("loginPassword"))
+                    || ! tem.getLoginUsername().equals(jsonObject.optString("loginUsername"))){
+                Instant instant = Instant.now();
+                //时间戳
+                String key = String.valueOf(instant.toEpochMilli());
+                JwtUtils.setSignKey(key);
+            }
+
             updateJsonValue(jsonObject,"loginUsername",tem.getLoginUsername());
             updateJsonValue(jsonObject,"loginPassword",tem.getLoginPassword());
 
+            updateJsonValue(jsonObject,"license_id",tem.getLicense_id());
             updateJsonValue(jsonObject,"autoToken_url",tem.getAutoToken_url());
             updateJsonValue(jsonObject,"getTokenPassword",tem.getGetTokenPassword());
             updateJsonValue(jsonObject,"containerName",tem.getContainerName());

rearServer/src/main/java/com/yyandywt99/pandoraNext/tokensToolApplication.java

@@ -1,10 +1,13 @@
 package com.yyandywt99.pandoraNext;
 
+import com.yyandywt99.pandoraNext.util.JwtUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.scheduling.annotation.EnableScheduling;
 
+import java.time.Instant;
+
 /**
  * @author YANGYANG
  */
@@ -17,8 +20,10 @@
 @SpringBootApplication
 public class tokensToolApplication {
     public static void main(String[] args) {
-        log.info("PandoraNext-tokensTool v 0.4.7.1 版本，修改了jwt的漏洞问题，感谢您的使用！");
+        log.info("PandoraNext-tokensTool v 0.4.7.2 版本，修改了jwt的漏洞问题，新增时间戳来加强防御，感谢您的使用！");
+        Instant instant = Instant.now();
+        String key = String.valueOf(instant.toEpochMilli());
+        JwtUtils.setSignKey(key);
         SpringApplication.run(tokensToolApplication.class, args);
     }
-
 }

rearServer/src/main/java/com/yyandywt99/pandoraNext/util/JwtUtils.java

@@ -21,7 +21,8 @@
 @Data
 @NoArgsConstructor
 public class JwtUtils{
-    private static String signKey = "硬编码的伤";
+    //硬编码的伤
+    private static String signKey = "123456";
     private static Long expire = 43200000L;
 
     /**

rearServer/src/main/resources/static/index.html

@@ -1 +1 @@
-<!doctype html><html lang=""><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Welcome to PandoraNext-TokensTool</title><script defer="defer" src="js/chunk-vendors.0ce29eef.js"></script><script defer="defer" src="js/app.d802ccc6.js"></script><link href="css/chunk-vendors.8a308144.css" rel="stylesheet"></head><body><div id="app"></div></body></html>
+<!doctype html><html lang=""><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Welcome to PandoraNext-TokensTool</title><script defer="defer" src="js/chunk-vendors.0ce29eef.js"></script><script defer="defer" src="js/app.031a48f4.js"></script><link href="css/chunk-vendors.8a308144.css" rel="stylesheet"></head><body><div id="app"></div></body></html>